WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Brizy – Page Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL - CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report - Vulnerabilities

Brizy – Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL – CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report

June 4, 2024

Plugin Name: Brizy – Page Builder Key Information: Software Type: Plugin Software Slug: brizy Software Status: Active Software Author: themefusecom…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget - CVE-2024-5571 | WordPress Plugin Vulnerability Report - Vulnerabilities

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

Newsletter Vulnerability – Unauthenticated Stored Cross-Site Scripting via np1 – CVE-2024-5317 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Email Subscribers by Icegram Express Vulnerability - Unauthenticated SQL Injection via hash - CVE-2024-4295 | WordPress Plugin Vulnerability Report - Vulnerabilities

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Vulnerability – Reflected Cross-Site Scripting – CVE-2024-35668 | WordPress Plugin Vulnerability Report

June 3, 2024

Posted in Vulnerabilities, Security

Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability - Cross-Site Request Forgery - CVE-2024-4344 | WordPress Plugin Vulnerability Report - Vulnerabilities

Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

June 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - wpDataTables Vulnerability - Missing Authorization to DataTable Access & Modification - CVE-2024-3821 | WordPress Plugin Vulnerability Report - Vulnerabilities

wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-5501 | WordPress Plugin Vulnerability Report - Vulnerabilities

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5501 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Master Slider – Responsive Touch Slider Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-6382 | WordPress Plugin Vulnerability Report - Vulnerabilities

Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: Master Slider – Responsive Touch Slider Key Information: Software Type: Plugin Software Slug: master-slider Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder Gutenberg Blocks – CoBlocks Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles - CVE-2024-2933 | WordPress Plugin Vulnerability Report - Vulnerabilities

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Infinite Scroll – Ajax Load More Vulnerability - Authenticated (Contributor+) Cross-Site Scripting - CVE-2024-4711 | WordPress Plugin Vulnerability Report - Vulnerabilities

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Read about this Latest WordPress Vulnerability

Popup Builder Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS – CVE-2024-2506 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: Popup Builder – Create highly converting, mobile friendly marketing popups. Key Information: Software Type: Plugin Software Slug: popup-builder…

Read about this Latest WordPress Vulnerability

Brizy – Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL – CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5501 | WordPress Plugin Vulnerability Report

Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy